R3166-R3206-HP High-End Firewalls VPN Command Reference-6PW101
116
sha1: Uses a SHA1 fingerprint.
string: Fingerprint to be used. An MD5 fingerprint must be a string of 32 characters in hexadecimal. A
SHA1 fingerprint must be a string of 40 characters in hexadecimal.
Description
Use the root-certificate fingerprint command to configure the fingerprint to be used for verifying the
validity of the CA root certificate.
Use the undo root-certificate fingerprint command to remove the configuration.
By default, no fingerprint is configured for verifying the validity of the CA root certificate.
Examples
# Configure an MD5 fingerprint for verifying the validity of the CA root certificate.
<Sysname> system-view
[Sysname] pki domain 1
[Sysname-pki-domain-1] root-certificate fingerprint md5
12EF53FA355CD23E12EF53FA355CD23E
# Configure a SHA1 fingerprint for verifying the validity of the CA root certificate.
[Sysname-pki-domain-1] root-certificate fingerprint sha1
D1526110AAD7527FB093ED7FC037B0B3CDDDAD93
rule (PKI CERT ACP view)
Syntax
rule [ id ] { deny | permit } group-name
undo rule { id | all }
View
PKI certificate access control policy view
Default level
2: System level
Parameters
id: Number of the certificate attribute access control rule, in the range 1 to 16. The default is the smallest
unused number in this range.
deny: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group
is considered invalid and denied.
permit: Indicates that a certificate whose attributes match an attribute rule in the specified attribute group
is considered valid and permitted.
group-name: Name of the certificate attribute group to be associated with the rule, a case-insensitive
string of 1 to 16 characters. It cannot be “a”, “al”, or “all”.
all: Specifies all access control rules.
Description
Use the rule command to create a certificate attribute access control rule.
Use the undo rule command to delete one or all access control rules.
By default, no access control rule exists.